mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-15 20:59:40 +02:00
a7fe828d32
TRUSTED_ORIGINS was defined inside better-auth.config.ts, which pulls in the whole Better Auth stack just to read a list of hostnames. Anyone who wants to consume the list (infra tooling, compose-env generators, monitoring) had to either duplicate it or pay the import cost. - New `sso-origins.ts` — zero-dep module exposing `PRODUCTION_TRUSTED_ORIGINS` + `LOCAL_TRUSTED_ORIGINS` + the combined `TRUSTED_ORIGINS` list. This is now the canonical place to add a new top-level SSO origin. - `better-auth.config.ts` imports + re-exports so existing consumers keep working without a touch. - `sso-config.spec.ts` imports directly from `./sso-origins` (cleaner coupling) and now HARD-FAILS when mana-auth CORS_ORIGINS contains a production origin that isn't in trustedOrigins. Previously this was a `console.warn` only, meaning dead-drift could silently accumulate and then surface as a confusing runtime auth rejection. - Root CLAUDE.md "Adding an app to SSO" updated to point at the SSOT and mention the new hard-fail direction. No current drift — the mana-auth CORS_ORIGINS already match. The hardened assertion is defensive for future changes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| auth | ||
| db | ||
| lib | ||
| middleware | ||
| routes | ||
| services | ||
| config.ts | ||
| index.ts | ||